package com.mike.controller.backend;

import com.mike.common.Const;
import com.mike.common.ServerResponse;
import com.mike.pojo.User;
import com.mike.service.IUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpSession;

/**
 * Created by HP on 2018/3/3.
 */

@Controller
@RequestMapping("/userManage/")
public class UserManageAction {

    @Autowired

    private IUserService userService;


    /**
     * 登录后台管理系统
     * 可复用门户登录Service方法login
     * param username
     * param password
     * param session
     * return
     */
    @RequestMapping(value = "login.do",method = RequestMethod.POST)
    @ResponseBody
    public ServerResponse<User> login(String username, String password, HttpSession session){
        //1-复用门户登录接口login
        ServerResponse<User> resultResponse = userService.login(username,password);
        //2-登录成功，对用户限权进行校验
        if(resultResponse.isSuccess()){
            User user = resultResponse.getData();
            if(user.getRole() == Const.Role.ROLE_ADMIN){
                //3-登录成功并符合管理员限权条件，将user信息写入session（此时，user的密码已经在service中进行了置空
                session.setAttribute(Const.CURRENT_USER,user);
            }else{
                return ServerResponse.createErrorMessageResponse("该用户没有管理限权，无法登录后台管理系统");
            }
        }
        return resultResponse;
    }
}
